CVE-2023-28771
Description
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Zyxel Corporation
Severity: CRITICAL
CVE ID: CVE-2023-28771
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
benjaminhays
PoC for CVE-2023-28771 based on Rapid7's excellent writeup
Reference: GitHub
Content on GitHub
getdrive | watchers:56
PoC
PoC. Severity critical.
Reference: GitHub